Thursday, June 27, 2013

Failing at Digital Redundancy

The Department of Defense refers to network security as "Information Assurance" (IA) - the idea being that appropriate network security implementation will result in assured access to the information and networks needed by America's warfighters. Information Assurance protocols are governed by the Defense Information Systems Agency (DISA), with additional influence from U.S. Cyber Command and the National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC). DoD and NIST guidance informs similar standards in private industry, and vice versa.

Network security is built on the "CIA Triad": Confidentiality, Integrity, and Availability. Generally speaking, Availability constitutes the ability to access data easily. Confidentiality involves restricting access to only the intended audience. Integrity requires that the data being accessed is free from external tampering. In a secure system, Availability is typically sacrificed for the benefit of Integrity and Confidentiality; in less secure systems, Availability is optimized at the cost of Confidentiality and Integrity.

With all of that in mind, I found this item at Failblog both amusing and extremely topical. This touches on all three legs of the CIA Triad. Depending on where the laptop in question was stolen from, the individual in question may have been emphasizing Availability at the cost of Confidentiality and Integrity. It also betrays a lack of appropriate backups on the part of the laptop's owner - a risk mitigation measure emphasized by DoD and NIST IA doctrine - to ensure that a catastrophic failure (or, in his case, a theft) doesn't result in a total loss of data Integrity and/or Availability.

If your data's important to you, back it up. In the case of this particular PhD candidate, the data was extremely important, and I can't imagine that the whole thing turned out well for him. As one of my former colleagues was fond of noting, if you can't maintain positive physical control of your assets at all times, then your system is not secure.
